• Recent Posts

  • Categories

  • Archives


The (ro)bots are here

Friday, April 15th, 2016

robotFor decades sci-fi movies have told us robots will take over the world one day. We don’t have to prepare for a robot war just yet, but they are part of our lives. We just don’t realise it. 

Bots have been in the news recently; some, like Tay, for the wrong reasons. But why all the fuss suddenly?

One of the reason is the swift improvement of the artificial intelligence technology bots are powered with. Key Silicon Valley players Facebook, Google and Telegram have been at the forefront of these developments. At Wednesday’s F8 conference Facebook announced that were adding various bots, including a CNN bot, to their Messenger app.

Most of us don’t know what a bot is and what it does. Even though it sounds suspicious, a bot is merely software designed to automate and complete simple and repetitive tasks you would usually perform yourself. For example, adding appointments to your calendar or making reservations, ordering food, etc. If you were living in America, you’d be able to use the Taco Bell bot to order and pay for your meal.

Chatterbots or chatbots are used in messaging apps and to simulate conversations via auditory or textual methods. They are designed to engage in small talk and ideally they should convince the person on the other end that the program is human.

Large international companies Lloyds Banking Group, Royal Bank of Scotland, Renault and Citroën all use automated chatterbots.  They can be used to answer basic customer enquiries, a function a call centre agent might normally deal with, or to acquire information. 

Other bots can help you schedule meetings by e-mail. The bot is added to your e-mail thread and continues the conversation needed to schedule a meeting. 

Unfortunately, bots can be used for malicious purposes. For example, posing as a human in chat rooms to tempt users to divulge personal information. They can be found on Yahoo! Messenger, Windows Live Messenger, AOL Instant Messenger and other instant messaging protocols.  

Next time you send a chat message to someone at a call centre, you might be talking to Amy, the bot, not Amy, the human. We can confirm that all our own IT Service desk agents are 100% human.

More recent articles on bots (and robots!):

Shopify acquires Kit, the artificially intelligent marketing bot
Hitachi’s cute new customer service robot seeks out lost customers
Fear the future: Donalddrumpfbot coming to Facebook Messenger 
Facebook’s David Marcus explains how bots are going to change Messenger
This personal shopping startup just launched one of the first Facebook Messenger bots
Facebook launches Messenger platform with chatbots
Microsoft created a bot to auto-caption photos and it’s going hilariously wrong



Attack of the trojans, bots & zombies

Friday, August 30th, 2013
Once of the most common questions we are asked by users is: How do these spammers get my e-mail address? Previously we looked at Rumpelstiltskin attacks and this week we will focus on the second of the methods –  by using Trojan Horses, Bots and Zombies. Now, thet may sound like something from a movie, but they do pose quite a serious threat to you as e-mail user.

Let us use a familiar example. You regularly exchange emails with your elderly mother who has a computer. Your mother uses Outlook or Thunderbird and has dozens of emails from you in her inbox. She even added you to her address book. She also has lots of emails from a distant family member – cousin Johan from Australia. You haven’t stayed in touch with Johan that closely over the years, but you definitely know who he is.

Last year, just before the Christmas, Johan downloaded and installed this really pretty Christmas screensaver that showed tranquil tree and candle scenes when he wasn’t using the computer. What he didn’t know was that the screen saver had a sinister hidden payload. While the candles flickered peacefully on his screen, the software went to work combing through his emails and address book, his browser’s cache of past webmail sessions and other files, storing every email address it would find in a separate list.

Then it sent the entire list to a server in Russia, where a criminal combined it with other such submissions to build the ultimate monster spam list that can be sold and resold over and over again.

But as if that wasn’t enough, when the “screensaver” sent the address list to Russia, it received some content in return – messages to be sent to all of Johan’s contacts. Then, unbeknownst to John, his computer started creating hundreds of emails randomly using the harvested email addresses in the To: and From: field along with the content from the Russian server and sent them out using Johan’s Internet connection. One of them used your mother’s email address as sender and yours as recipient.

Now you received some spam from your mother asking you to buy fake watches and you’re ready to speak to her telling her to stop. Well, don’t. Your mother has obviously nothing to do with the whole thing and you’ll never find out that it was actually Johan’s computer.

You just had a look into the really nasty underworld of the Internet where botmasters (the guy in Russia) control botnets (infected computers that all report to the same server) of remote-controlled zombies (Johan’s computer) that were compromised using trojan horses (the screensaver) or similar malware.

And it doesn’t even end there. The botmaster typically doesn’t spam for his own account but hires out his botnet to whoever pays the most. The equally shady factory in China wanting to sell more fake Rolexes can now hire the botmaster to blast their offers all over the internet. The guy in Russia doesn’t even care if you open or click on that email from your mother, he gets paid either way. And when he’s done with the watches, he’ll inform his entire mailing list that they all won the lottery and can pick up the prize if only they pay a small “transfer fee” up front. And after that, he’ll mail a Paypal phish for yet another “client”. And for good measure, he’ll sell his entire email address database, incl. yours, to a friend who is in the same line of “business”.

In other words, once your email address got picked up by a botnet, Pandora’s Box is wide open. The whole scheme is particularly wicked because now you have to depend on others to keep your address safe. Unfortunately, there is little you can do:

  • First of all, do your own share: NEVER open email attachments that you didn’t ask for, even if they appear to come from good friends like Johan. If you’re still curious, ask Johan or your mother first if they really sent it.
  • NEVER download anything where you can’t in­de­pend­ent­ly verify it’s safe. With“independently verify” I mean you can read about it in forums, blogs, news sites, your local “computer geek” etc. Facebook fan pages, even with 1000s of “fans”, do NOT count, they are way too easy to manipulate and are usually full of misinformation!
  • NEVER get fooled by fake “security scans” (they’re quite the opposite!) or“video codec updates” to see that funny kitten clip. If you think you need a new Flash player, type in by hand and update from there. If afterwards the site still says you need an “update” get out of there as fast as you can.
  • Then educate your friends and family about the same. Explain how trojans work. Send them a link to this blog page!
  • You can try having multiple private email addresses. Keep a super-private one, only for family and very few of your closest friends.  Use your university address for everyone you work with and don’t use this for private mail – EVER!  Get a semi-private one for your wider social circle. The latter two do get some spam, although it’s still manageable. GMail has a very good “spam filter”, and blacklisting spammers is very easy!




© 2013-2021 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.